好办法,在MySQL表数据进行加密? [英] Good way to encrypt data in MySQL table?
问题描述
我的工作在PHP中的车队管理系统。我的位置跟踪GPS(基于SMS):我收到一条短信,包含坐标(纬度,经度)
我要的是这些坐标进行加密。当涉及到数据库应该加密,当我的web应用程序需要它,应该转换(解密),以原来的形式。我要保护的坐标的非法访问。
现在,如何以及我应该在那里做数据的加密和解密?我需要你的意见 - 我搜索了很多,但没有获得成功。
。有可能是没有意义的加密,这些坐标 - 任何人谁有权访问你的数据库如:数据库管理员可能还可以访问Web服务器上的解密密钥(假设你正在考虑使用对称加密的)。因此,您应该制定出你想什么样的威胁,以防止,然后看看你的做法会做到这一点。
如果你担心黑客,同样的规则适用于作为一个无赖员工:黑客谁可以窃取你的数据库的副本可能是能够窃取文件从Web服务器
。如果您的位置数据并不需要进行经常解密,或者如果有人必须输入密码才能看到它,这可能是更容易实现。可以用一个公共密钥加密的坐标,然后只解密它们与密码保护的私钥。谁得到的公开密钥的保持攻击者将不能使用它来进行解密。
这是值得考虑的这一数据也不管是如此宝贵和私人,这是值得加密都:你可以投资的钱,你会花在这个项目上的code第三方的安全审计,而不是<。 / P>
最后,如果该数据被认为是私人的数据保护的原因,考虑模糊测试的数据(即引入随机误差的小的水平),而不是将其加密。这仅仅是一个选择,如果你不需要你的车辆的精确坐标。这是健康的审判中,详细的位置数据创建了一个私密的风险使用匿名化数据的数据保护技术。当然,准确的位置数据是车辆跟踪被盗的情况下很有用,所以你需要决定你的重点在这里什么。
延伸阅读:您可能会感兴趣的一本书叫做半透明数据库,该考虑的加密,散列和起毛建立数据保护的数据库系统的背景下。这是一个非常耐人寻味的读取。
I am working on a fleet management system in PHP. My location tracking is GPS (SMS based): I receive an SMS that contains coordinates (Lat,Lng).
What I want is to encrypt those coordinates. When it comes to database it should be encrypted and when my web application wants it it should convert (decrypt) to its original form. I want to protect the coordinates from illegal access.
Now, how and where should I do encryption and decryption of that data? I need your opinions - I searched a lot but didn't get success.
There may be no point in encrypting these coordinates - anyone who has access to your database e.g. a database administrator will probably also have access to the decryption key on the web server (assuming you are thinking of using symmetric encryption). Thus, you should work out what kind of threat you are trying to protect against, and then see if your approach would do that.
If you are worried about hackers, the same rules apply as a rogue employee: a hacker who can steal a copy of your database may well be able to steal files off the web server.
If your location data does not need to be decrypted often, or if someone must enter a password to see it, that might be more achievable. You can encrypt the coordinates with a public key, and then only decrypt them with a password-protected private key. An attacker who gets hold of the public key will not be able to use it to decrypt.
It's worth considering also whether this data is so valuable and private that it is worth encrypting at all: you could invest the money you would spend on this project on a third-party security audit of your code instead.
Finally, if this data is regarded as private for data protection reasons, consider fuzzing the data (i.e. introducing small levels of random inaccuracy) rather than encrypting it. This is only an option if you don't need exact coordinates of your vehicles. This is a data protection technique used anonymise data in health trials, where exact location data creates a privacy risk. Of course exact location data is useful for vehicle tracking in the event of theft, so you need to decide what your priorities are here.
Further reading: you might be interested in a book called Translucent Databases, which considers encryption, hashing and fuzzing in the context of building data-protected database systems. It's a very thought-provoking read.
这篇关于好办法,在MySQL表数据进行加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
